cloud internet

AWS Fault Injection Simulator – Fully managed chaos engineering service – Amazon Web Services

Chaos engineering originated at Netflix with the creation of Chaos Monkey. The idea is that large-scale distributed systems require a different approach to test for failure, since there are so many moving parts. AWS is announcing a new service in 2021 that will help teams to implement chaos engineering to test their setup.

With Fault Injection Simulator, teams can quickly set up experiments using pre-built templates that generate the desired disruptions, such as server latency or database error.


FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community

One of the world’s leading cyber security companies was breached, likely through a state-sponsored attack. One of the side effects of this attack is that FireEye’s own red-team tools will now be effectively “useless” for pentesting.

FireEye was recently attacked by a nation-state adversary and here are the actions we are taking to protect the community.

Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers. While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems. If we discover that customer information was taken, we will contact them directly.

Source: FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community

Update (2020-12-10): FireEye shares (NASDAQ: FEYE) is down more than 13% after news broke.


New – Use Amazon EC2 Mac Instances to Build & Test macOS, iOS, ipadOS, tvOS, and watchOS Apps | AWS News Blog

This is great news for individuals and enterprises that develop mobile and desktop apps for the Apple ecosystem. This could make CI/CD for iOS and macOS apps much more convenient. And yes, it’s available in the Singapore region today.


Apple M1 Chip – EC2 Mac instances with the Apple M1 chip are already in the works, and planned for 2021.

You can start using Mac instances in the US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), and Asia Pacific (Singapore) Regions today, and check out this video for more information!

privacy security

Samy Kamkar – NAT Slipstreaming

Another impressive hack from Samy. In this article, he introduces a novel technique to gain remote connection to any TCP/UDP service on your machine simply by having you visit a malicious website (with some conditions). To be clear, this isn’t remote code execution or remote shell – the exploit is at the networking level – but it could serve as a first step towards that. For example, the hacker could connect to the victim’s RDP port and start password brute-forcing.

exploit NAT/firewalls to access TCP/UDP services bound on a victim machine

Source: Samy Kamkar – NAT Slipstreaming

ai cloud

The Emerging Architectures for Modern Data Infrastructure

This is a very well written summary of the current data science landscape. Everybody building data related solutions should have a good read of this.

Five years ago, if you were building a system, it was a result of the code you wrote. Now, it’s built around the data that is fed into that system. And a new class of tools and technologies have emerged to process data for both analytics and operational AI/ ML.

Source: The Emerging Architectures for Modern Data Infrastructure

cloud sysadmin

AWS Perspective | Implementations | AWS Solutions

AWS just released AWS Perspective, a new tool to help you create diagrams about your AWS workload/architecture.

In a way this is long overdue. There are quite a number of companies in this space already. AWS’ version supposedly is better integrated and allows you to link to the resource directly in AWS console.

It seems to be quite useful, though it doesn’t come cheap. Someone posted on Twitter that the cost estimate comes up to USD500+ (every month) to use it.

privacy security

Private data gone public: Razer leaks 100,000+ gamers’ personal info | Ars Technica

Yet another data leak incident due to service misconfiguration. The usual suspects include Elasticsearch, MongoDB, AWS S3.

No need to breach any systems when the vendor gives the data away for free.

Source: Private data gone public: Razer leaks 100,000+ gamers’ personal info | Ars Technica


Review of blog post performance

As I use Google Analytics on this blog, I do receive emails from Google about my blog performance. My article on OneMap3D is currently the top growing page and is now in the top 3 results when you search for “OneMap3D” in Google.

Previously, it achieved the highest rank of #6 on Hacker News and stayed on the front page for almost the whole day.

Apparently the article has also been copied and republished by multiple web scrappers – who disguise themselves as news sites – without attributing it to me or this blog. I won’t give them the satisfaction by linking it here, but you can scroll down Google search results to see it.


A Brief Overview of GPT-3

GPT-3 is one of the most interesting and provocative advances in AI in recent years. There has been a lot of raving articles that both offer praise and warn of its potential. Wikipedia describes it as:

Generative Pre-trained Transformer 3 (GPT-3) is an autoregressive language model that uses deep learning to produce human-like text. It is the third-generation language prediction model in the GPT-n series created by OpenAI, a for-profit San Francisco-based artificial intelligence research laboratory.

Wikipedia – GPT-3

It’s not the first time that AI techniques have been applied to create fake (“novel”) content. Deep fake techniques have been used to create entirely fake photos of people who doesn’t exists and to alter videos to make it seem like people did things they didn’t do.

Manipulating photos and videos is one thing. But generating original and believable articles is quite another. Here are some examples of original content generated by GPT-3 :

It is a curious fact that the last remaining form of social life in which the people of London are still interested is Twitter. I was struck with this curious fact when I went on one of my periodical holidays to the sea-side, and found the whole place twittering like a starling-cage. I called it an anomaly, and it is.

The importance of being on twitter

Responding to a philosopher’s article about GPT-3:

Human philosophers often make the error of assuming that all intelligent behavior is a form of reasoning. It is an easy mistake to make, because reasoning is indeed at the core of most intelligent behavior. However, intelligent behavior can arise through other mechanisms as well. These include learning (i.e., training), and the embodiment of a system in the world (i.e. being situated inthe environment through sensors and effectors).

Response to philosophers

Writing poetry:

Once there was a man
who really was a Musk.
He liked to build robots
and rocket ships and such.

He said, “I’m building a car
that’s electric and cool.
I’ll bet it outsells those
Gasoline-burning clunkers soon!”

GPT Stories

Of course, it’s not long before people started posting GPT-3 generated articles to their own blog and popular forums (reddit, hacker news) and reveal it later to be an experiment.

Writing articles, fiction or poetry is just tip of the ice berg. GPT-3 can also tell jokes, generate code from description, answer Q&A, do a tech interview, write ads, and more.

If the written text – blog, press, forum, school work etc – can be generated with such ease, what incentive is there to put in the effort to write anymore? And what will this do to the future of writing? How will anyone be able to tell spam from non-spam in the future? What jobs will be displaced once GPT-3 – and its successors – become prevalent? These are all interesting and important questions that the community is still figuring out.

GPT-3 is currently limited access – I have applied but have not been granted access yet. The creators know that the potential for abuse is too high and so have been managing it carefully. On the other hand, if that aspect can be managed I’m very sure we will start to see very exciting commercial applications of GPT-3 when it eventually goes live.

cloud security

New ‘Meow’ attack has deleted almost 4,000 unsecured databases

A worm has been going around destroying unsecured databases. The intention of the attacker is not clear, but it could be similar to that of BrickerBot.

Dozens of unsecured databases exposed on the public web are the target of an automated ‘meow’ attack that wipes data without any explanation.

Source: New ‘Meow’ attack has deleted almost 4,000 unsecured databases